Add ffmpeg-4-CVE-2025-63757.patch to fix bsc#1255392

Signed-off-by: Olaf Hering <olaf@aepfle.de>

_scmsync.obsinfo

@@ -1,4 +0,0 @@
-mtime: 1760495051
-commit: 0cacb49da48ff116c5cdfb43b3550578dc885e4023f39c1b49ac9ed044f4826f
-url: https://src.opensuse.org/jengelh/ffmpeg-4
-revision: master

build.specials.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:54bc21216667c7495f880e7b6c30fbb614b1435601485e86cced1fe4848ed11e
-size 256

ffmpeg-4-CVE-2023-6601-shim01-6b1f68cc.patch

@@ -0,0 +1,39 @@
+From 6b1f68ccb04d791f0250e05687c346a99ff47ea1 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Wed, 3 May 2023 13:08:35 +0200
+Subject: [PATCH] avformat/hls: fail on probing non hls/m3u8 file extensions
+
+Its unexpected that a .avi or other "standard" file turns into a playlist.
+The goal of this patch is to avoid this unexpected behavior and possible
+privacy or security differences.
+
+Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/hls.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/libavformat/hls.c b/libavformat/hls.c
+index 8a96a37ff9..11e345b280 100644
+--- a/libavformat/hls.c
++++ b/libavformat/hls.c
+@@ -2532,8 +2532,15 @@ static int hls_probe(const AVProbeData *p)
+ 
+     if (strstr(p->buf, "#EXT-X-STREAM-INF:")     ||
+         strstr(p->buf, "#EXT-X-TARGETDURATION:") ||
+-        strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:"))
++        strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:")) {
++
++        if (!av_match_ext(p->filename, "m3u8,hls,m3u")) {
++            av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n");
++            return 0;
++        }
++
+         return AVPROBE_SCORE_MAX;
++    }
+     return 0;
+ }
+ 
+-- 
+2.52.0
+

ffmpeg-4-CVE-2023-6601-shim02-954d16fa.patch

@@ -0,0 +1,39 @@
+From 954d16fa3f09a04c7917a1c69a5c3e283554cb1d Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 15 May 2023 00:56:10 +0200
+Subject: [PATCH] avformat/hls: Try to implement RFC8216 playlist refusal
+
+This should fix the regression since 6b1f68ccb04d791f0250e05687c346a99ff47ea1
+
+Should fix Ticket10353 (please test and report cases that still fail)
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/hls.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/libavformat/hls.c b/libavformat/hls.c
+index 11e345b280..425df3b26b 100644
+--- a/libavformat/hls.c
++++ b/libavformat/hls.c
+@@ -2534,7 +2534,16 @@ static int hls_probe(const AVProbeData *p)
+         strstr(p->buf, "#EXT-X-TARGETDURATION:") ||
+         strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:")) {
+ 
+-        if (!av_match_ext(p->filename, "m3u8,hls,m3u")) {
++        int mime_ok = p->mime_type && !(
++            av_strcasecmp(p->mime_type, "application/vnd.apple.mpegurl") &&
++            av_strcasecmp(p->mime_type, "audio/mpegurl") &&
++            av_strcasecmp(p->mime_type, "audio/x-mpegurl") &&
++            av_strcasecmp(p->mime_type, "application/x-mpegurl")
++            );
++
++        if (!av_match_ext    (p->filename, "m3u8,hls,m3u") &&
++             ff_match_url_ext(p->filename, "m3u8,hls,m3u") <= 0 &&
++            !mime_ok) {
+             av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n");
+             return 0;
+         }
+-- 
+2.52.0
+

ffmpeg-4-CVE-2023-6601-shim03-a0cb5722.patch

@@ -0,0 +1,35 @@
+From a0cb5722fda9bd03b7be31a83b043966f0fd71b8 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 15 May 2023 21:28:26 +0200
+Subject: [PATCH] avformat/hls: Check mime_ok first
+
+This should be a few nano seconds faster (not measureable)
+But Collectively the whole humankind watching hls will safe a minute
+
+Found-by: Leo Izen
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/hls.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libavformat/hls.c b/libavformat/hls.c
+index 425df3b26b..fc29ef0ca9 100644
+--- a/libavformat/hls.c
++++ b/libavformat/hls.c
+@@ -2541,9 +2541,9 @@ static int hls_probe(const AVProbeData *p)
+             av_strcasecmp(p->mime_type, "application/x-mpegurl")
+             );
+ 
+-        if (!av_match_ext    (p->filename, "m3u8,hls,m3u") &&
+-             ff_match_url_ext(p->filename, "m3u8,hls,m3u") <= 0 &&
+-            !mime_ok) {
++        if (!mime_ok &&
++            !av_match_ext    (p->filename, "m3u8,hls,m3u") &&
++             ff_match_url_ext(p->filename, "m3u8,hls,m3u") <= 0) {
+             av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n");
+             return 0;
+         }
+-- 
+2.52.0
+

ffmpeg-4-CVE-2023-6601-shim04-5b630743.patch

@@ -0,0 +1,44 @@
+From 5b630743c625669b7c6ee4a01d4e0e8b51d7e636 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 15 May 2023 21:33:03 +0200
+Subject: [PATCH] avformat/hls: Better message from hls_probe()
+
+Found-by: Kacper Michajlow <kasper93@gmail.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/hls.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/hls.c b/libavformat/hls.c
+index fc29ef0ca9..2bc142510e 100644
+--- a/libavformat/hls.c
++++ b/libavformat/hls.c
+@@ -2536,17 +2536,23 @@ static int hls_probe(const AVProbeData *p)
+ 
+         int mime_ok = p->mime_type && !(
+             av_strcasecmp(p->mime_type, "application/vnd.apple.mpegurl") &&
+-            av_strcasecmp(p->mime_type, "audio/mpegurl") &&
++            av_strcasecmp(p->mime_type, "audio/mpegurl")
++            );
++
++        int mime_x = p->mime_type && !(
+             av_strcasecmp(p->mime_type, "audio/x-mpegurl") &&
+             av_strcasecmp(p->mime_type, "application/x-mpegurl")
+             );
+ 
+         if (!mime_ok &&
++            !mime_x &&
+             !av_match_ext    (p->filename, "m3u8,hls,m3u") &&
+              ff_match_url_ext(p->filename, "m3u8,hls,m3u") <= 0) {
+-            av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n");
++            av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension and non standard mime type\n");
+             return 0;
+         }
++        if (mime_x)
++            av_log(NULL, AV_LOG_WARNING, "mime type is not rfc8216 compliant\n");
+ 
+         return AVPROBE_SCORE_MAX;
+     }
+-- 
+2.52.0
+

ffmpeg-4-CVE-2023-6601.patch

@@ -0,0 +1,29 @@
+From d09f50c0f5f045dec35f0ca22c2212fae2378dba Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michael@niedermayer.cc>
+Date: Mon, 15 May 2023 21:39:13 +0200
+Subject: [PATCH] avformat/hls: remove non standard hls extension
+
+Suggested-by: Kacper Michajlow <kasper93@gmail.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/hls.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libavformat/hls.c b/libavformat/hls.c
+index 2bc142510e..4fff4405e8 100644
+--- a/libavformat/hls.c
++++ b/libavformat/hls.c
+@@ -2546,8 +2546,8 @@ static int hls_probe(const AVProbeData *p)
+ 
+         if (!mime_ok &&
+             !mime_x &&
+-            !av_match_ext    (p->filename, "m3u8,hls,m3u") &&
+-             ff_match_url_ext(p->filename, "m3u8,hls,m3u") <= 0) {
++            !av_match_ext    (p->filename, "m3u8,m3u") &&
++             ff_match_url_ext(p->filename, "m3u8,m3u") <= 0) {
+             av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension and non standard mime type\n");
+             return 0;
+         }
+-- 
+2.52.0
+

ffmpeg-4-CVE-2025-63757.patch

@@ -0,0 +1,35 @@
+From 95d890bf18e535e1ae5a9e24d801ca021e288804 Mon Sep 17 00:00:00 2001
+From: Jonathan Kang <jonathankang@gnome.org>
+Date: Thu, 15 Jan 2026 15:28:26 +0800
+Subject: [PATCH] swscale/output: Fix integer overflow in
+ yuv2ya16_X_c_template()
+
+---
+ libswscale/output.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libswscale/output.c b/libswscale/output.c
+index be22279229..49af3818b9 100644
+--- a/libswscale/output.c
++++ b/libswscale/output.c
+@@ -911,7 +911,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter,
+         int A = 0xffff;
+ 
+         for (j = 0; j < lumFilterSize; j++)
+-            Y += lumSrc[j][i] * lumFilter[j];
++            Y += lumSrc[j][i] * (unsigned)lumFilter[j];
+ 
+         Y >>= 15;
+         Y += (1<<3) + 0x8000;
+@@ -920,7 +920,7 @@ yuv2ya16_X_c_template(SwsContext *c, const int16_t *lumFilter,
+         if (hasAlpha) {
+             A = -0x40000000 + (1<<14);
+             for (j = 0; j < lumFilterSize; j++)
+-                A += alpSrc[j][i] * lumFilter[j];
++                A += alpSrc[j][i] * (unsigned)lumFilter[j];
+ 
+             A >>= 15;
+             A += 0x8000;
+-- 
+2.52.0
+

ffmpeg-4.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Thu Jan 15 07:36:04 UTC 2026 - SongChuan Kang <sckang@suse.com>
+
+- Add ffmpeg-4-CVE-2025-63757.patch: Backport 0c6b7f948 from
+  upstream. swscale/output: Fix integer overflow in
+  yuv2ya16_X_c_template() (bsc#1255392, CVE-2025-63757).
+
+-------------------------------------------------------------------
+Sun Jan 08 10:04:01 UTC 2026 - Cliff Zhao <qzhao@suse.com>
+
+- Add ffmpeg-4-CVE-2023-6601-shim01-6b1f68cc.patch:
+  Backport 6b1f68cc from upstream, fail on probing non hls/m3u8 file
+  extensions. Its unexpected that a .avi or other "standard" file turns
+  into a playlist. The goal of this patch is to avoid this unexpected
+  behavior and possible privacy or security differences.
+  (CVE-2023-6601, bsc#1220545)
+- Add ffmpeg-4-CVE-2023-6601-shim02-954d16fa.patch:
+  Backport 954d16fa from upstream, Try to implement RFC8216 playlist
+  refusal.
+  (CVE-2023-6601, bsc#1220545)
+- Add ffmpeg-4-CVE-2023-6601-shim03-a0cb5722.patch:
+  Backport a0cb5722 from upstream, Check mime_ok first, This should
+  be a few nano seconds faster (not measureable), But Collectively
+  the whole humankind watching hls will safe a minute.
+  (CVE-2023-6601, bsc#1220545)
+- Add ffmpeg-4-CVE-2023-6601-shim04-5b630743.patch:
+  Backport 5b630743 from upstream, Better message from hls_probe()
+  (CVE-2023-6601, bsc#1220545)
+- Add ffmpeg-4-CVE-2023-6601.patch:
+  Backport d09f50c0f from upstream, remove non standard hls
+  extension.
+  (CVE-2023-6601, bsc#1220545)
+
 -------------------------------------------------------------------
 Wed Oct 15 02:12:04 UTC 2025 - SongChuan Kang <sckang@suse.com>
 

ffmpeg-4.spec

@@ -145,6 +145,12 @@ Patch31:        ffmpeg-4-CVE-2024-36618.patch
 Patch32:        ffmpeg-4-CVE-2025-7700.patch
 Patch33:        glslang16.patch
 Patch34:        ffmpeg-4-CVE-2025-59728.patch
+Patch35:        ffmpeg-4-CVE-2023-6601-shim01-6b1f68cc.patch
+Patch36:        ffmpeg-4-CVE-2023-6601-shim02-954d16fa.patch
+Patch37:        ffmpeg-4-CVE-2023-6601-shim03-a0cb5722.patch
+Patch38:        ffmpeg-4-CVE-2023-6601-shim04-5b630743.patch
+Patch39:        ffmpeg-4-CVE-2023-6601.patch
+Patch40:        ffmpeg-4-CVE-2025-63757.patch
 BuildRequires:  ladspa-devel
 BuildRequires:  libgsm-devel
 BuildRequires:  libmp3lame-devel